diff --git a/SOURCES/libpng-CVE-2013-6954.patch b/SOURCES/libpng-CVE-2013-6954.patch
new file mode 100644
index 0000000..9619d8a
--- /dev/null
+++ b/SOURCES/libpng-CVE-2013-6954.patch
@@ -0,0 +1,35 @@
+diff --git a/pngrtran.c b/pngrtran.c
+index 5673193..04eecee 100644
+--- a/pngrtran.c
++++ b/pngrtran.c
+@@ -1900,6 +1900,9 @@ png_read_transform_info(png_structp png_ptr, png_infop info_ptr)
+ 
+          info_ptr->bit_depth = 8;
+          info_ptr->num_trans = 0;
++
++         if (png_ptr->palette == NULL)
++            png_error (png_ptr, "Palette is NULL in indexed image");
+       }
+       else
+       {
+diff --git a/pngset.c b/pngset.c
+index 4177e62..3876103 100644
+--- a/pngset.c
++++ b/pngset.c
+@@ -524,6 +524,16 @@ png_set_PLTE(png_structp png_ptr, png_infop info_ptr,
+          return;
+       }
+    }
++   if ((num_palette > 0 && palette == NULL) ||
++      (num_palette == 0
++ #       ifdef PNG_MNG_FEATURES_SUPPORTED
++            && (png_ptr->mng_features_permitted & PNG_FLAG_MNG_EMPTY_PLTE) == 0
++ #       endif
++      ))
++   {
++      png_error(png_ptr, "Invalid palette");
++      return;
++   }
+ 
+    /* It may not actually be necessary to set png_ptr->palette here;
+     * we do it for backward compatibility with the way the png_handle_tRNS
diff --git a/SPECS/libpng.spec b/SPECS/libpng.spec
index fd315bd..0d04f1a 100644
--- a/SPECS/libpng.spec
+++ b/SPECS/libpng.spec
@@ -2,7 +2,7 @@ Summary: A library of functions for manipulating PNG image format files
 Name: libpng
 Epoch: 2
 Version: 1.5.13
-Release: 2%{?dist}
+Release: 5%{?dist}
 License: zlib
 Group: System Environment/Libraries
 URL: http://www.libpng.org/pub/png/
@@ -14,6 +14,7 @@ Source0: ftp://ftp.simplesystems.org/pub/png/src/libpng-%{version}.tar.bz2
 Source1: pngusr.dfa
 
 Patch0: libpng-multilib.patch
+Patch1: libpng-CVE-2013-6954.patch
 
 BuildRequires: zlib-devel, pkgconfig
 
@@ -58,6 +59,7 @@ necessary for some boot packages.
 cp -p %{SOURCE1} .
 
 %patch0 -p1
+%patch1 -p1
 
 %build
 %configure
@@ -89,6 +91,16 @@ rm -rf $RPM_BUILD_ROOT%{_libdir}/*.la
 %{_libdir}/libpng*.a
 
 %changelog
+* Wed Jan 29 2014 Petr Hracek <phracek@redhat.com> - 2:1.5.13-5
+- Adding patch CVE-2013-6954
+- Resolves: #1056863 
+
+* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 2:1.5.13-4
+- Mass rebuild 2014-01-24
+
+* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 2:1.5.13-3
+- Mass rebuild 2013-12-27
+
 * Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2:1.5.13-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
 
@@ -417,7 +429,7 @@ Resolves: #226038
 * Sun Sep  3 2000 Florian La Roche <Florian.LaRoche@redhat.de>
 - only include the man5 man-pages once in the main rpm
 
-* Thu Jul 28 2000 Preston Brown <pbrown@redhat.com>
+* Fri Jul 28 2000 Preston Brown <pbrown@redhat.com>
 - upgrade to 1.0.8 - fixes small memory leak, other bugs
 
 * Thu Jul 13 2000 Prospector <bugzilla@redhat.com>